CVE-2025-50428 | RaspAP raspap-webgui up to 3.3.2 includes/hostapd.php interface command injection

A vulnerability identified as critical has been detected in RaspAP raspap-webgui up to 3.3.2. The impacted element is an unknown function of the file includes/hostapd.php. Performing manipulation of the argument interface results in command injection.

This vulnerability was named CVE-2025-50428. The attack may be initiated remotely. There is no available exploit.

To fix this issue, it is recommended to deploy a patch.VulDB Recent EntriesRead More